スペインの刑事訴訟法草案は、裁判所が許可を出せば、警察は犯罪容疑者個人の電脳機や電脳版(タブレット)の盗聴を可能に
BORRADOR DE ANTEPROYECTO DEL CÓDIGO PROCESAL PENAL
La policía podrá usar troyanos para investigar ordenadores y tabletas
La 'comisión Gallardón' propone técnicas de ‘hacking’ para crimen organizado y ciberdelitos
Su uso exige permiso judicial ante hechos de especial gravedad
Manuel Altozano Madrid 3 JUN 2013 - 22:00 CET
DRAFT DRAFT CRIMINAL PROCEDURE CODE
The police may use Trojans to investigate computers and tablets
The 'commission Gallardón' proposed techniques hacking to organized crime and cybercrime
Its use requires court permission to facts of particular gravity
Manuel Hillock Madrid 3 JUN 2013 - 22:00 CET
It is a weapon invaluable for the security forces, but may have problems of constitutionality and collide head with fundamental rights. The preliminary draft Criminal Procedure Code of the Ministry of Justice, commissioned by the department heads Alberto Ruiz-Gallardón a commission of experts coordinated by the secretary of state allows judges to authorize the police to install Trojans on the computers investigated to obtain the information they contain or that can be accessed through them. The text provides remote access computers-including tablets and smartphones-for offenses with maximum sentences longer than three years, for cybercrime and terrorism and organized crime, the judge always justify the proportionality of the intervention. So far, only Germany has passed a similar regulation, but only for cases of terrorism, before the invasion of privacy involved.
The Ministry has not yet decided whether to accept the proposal
The draft picks this possibility in Article 350, which allows the Court of Guarantees-which oversees the instruction of the case, that the proposal of Justice directed the Attorney-authorization "reasoned request" public ministry "the use of identification data and codes as well as the installation of software that allow, remotely and telematics, remote examination without knowledge of the owner or user of the contents of a computer. " Is, it allows the installation of a Trojan, one of those malicious-spyware programs, but in this case used for legitimate purposes, which are installed on a remote computer to control content remotely without the owner or user notice.
The ministry says that although the draft prepared by the experts will be the basis of his draft, for the moment no decision made on remote computers registry. "We will listen carefully to what we say on this matter, but we will not take a decision until we have discussed the findings make us come from different areas and groups," said a spokeswoman for Justice.
After installing this program, the possibilities are endless police. "Not only can you access the information stored on the hard drive, but also passwords that are stored in memory," says Juan Carlos Ortiz Pradillo, Professor of Procedural Law at the University of Castilla-La Mancha and specialist in the use of this software pirate by the security forces. "With these passwords can be accessed all email and social networks like Facebook and see where you've been lately, with whom you relate or what your hobbies ... Or communication programs such as Skype. Even all that the investigated stored on foreign servers, such as the Gmail, the cloud ... The keys for the decryption of the information, if protected, or the movements of bank accounts, if managed online "continues Ortiz. The Trojan may also provide IP (identification code) of computers or devices that have shared information or access to Internet searches of suspected criminal, the blogs you visit ... "You can get to know the personality of the offender and, in some cases, predict what is going to do," says Ortiz.
It will be used in case of offenses punishable with more than three years in prison
The ability to install these Trojans with permission from the judge not only affects computers. It also extends to any computer system, such as tablets or smart phones, pens or memory cards or portable hard drives. The Internet providers go, in these cases, to be obliged to cooperate with the agents to facilitate the access to computer data which seeks to enter. Also any other person "who knows the operation of the computer system or measures applied to protect data held in it to provide the information that is necessary". That is, from the head of an enterprise systems to a computer specialist. Even a hacker, if it is the right person to enter the computer should work investigated
In principle, the draft only provides these techniques for offenses committed intentionally (willfully) exceeds maximum penalty of three years in prison. Also for those committed by a group or criminal organization, ie those related to organized crime and terrorism, and to all those who are consumed by software tools: internet scams, child pornography, grooming (child sexual harassment online), cyberbullying (harassment in the network) ... The investigating computer also has to be found in Spain.
The key technical access to bank accounts
and social networks
"This is a stagecoach, from the point of view of police operation, can be very useful, but from the point of view of fundamental rights is very invasive," says Professor of Procedural Law at the University of the Basque Country ( UPV) Alberto Saiz, communications specialist intervention and currently Director of Litigation at the Legal Department of the Basque Government. "It affects the privacy of the investigation, but also the privacy of communications of an extensive form to be allowed into chats, Facebook, Skype, Twitter ...". "Also, unlike a phone, a computer can be used by several people who, despite not being under investigation, fundamental rights would be affected," she warns. For that reason, Saiz considers that the list of crimes that can be inquired into in this way is too broad (all that carry a maximum sentence of over three years). "There should be a closed catalog of crimes", proposed by Professor.
From the General Council of Spanish Lawyers (CGAE) considered "positive" with a commitment to new technologies in the new Code of Criminal Procedure, but believe that the computer remote intervention is a topic "delicate". Sources wonder body need to get into your computer. "If it was possible to identify the IP and it is a team in Spain, why not come and pick it up and then investigate its contents?" Says a spokesman. From CGAE say that by violating the right to privacy, the court decision authorizing diligence "must be approved with a particular object and determined". Although, they say, once you open the window to a computer "is difficult to realize."
"It is for this reason that the draft bill provides a very stringent requirements for approval by the court," said Nicolás González-Cuellar, Professor of Procedural Law and member of the committee of experts that prepared the text. "It requires that the offense is a severity greater than expected for a simple telephone intervention and resolution must prove that this method is proportional to the gravity of the offense and particularly suited to investigate. In addition, the resolution should define very well what the police can and can not do, "says González-Cuellar.
Germany has a similar law, but only for terrorism
The other fundamental questions are: who manufactures the Trojan to use?, What are its characteristics? Juan Carlos Ortiz Pradillo, the specialist litigators such records, says that due to the type of specialized criminals that this tool is focused, it is essential that your code secret to prevent criminals can send information through their computers false or even use it to their advantage to know they are being investigated. The teacher points out that it is authentic and cybercriminals investigating crimes can be particularly dangerous, such as terrorism and organized crime.
If the use of Trojans proposed draft bill is finally passed, Spain is the second European country to regulate after Germany. In that country, however, the Constitutional Court declared unconstitutional the law, approved by the State of North Rhine-Westphalia, as contrary to "the fundamental right to the guarantee of confidentiality and integrity of the equipment," says Ortiz. In that judgment were set strict limits for future regulations of this type: legal authorization exists, that the case of particularly serious crimes that affect the life, liberty or security of the State and to protect "the core essential privacy, "the professor of Castilla-La Mancha. With these limitations, the federal government passed a new law that allows the use of such software only for terrorism cases.
Some of the known spyware
■ Keylogger. It is a family of programs that allow you to log keystrokes made on the computer keyboard intervened. The information is stored on the computer itself or sent to another computer system via the Internet. The data thus obtained after a thorough analysis required to decrypt and obtain what is sought, for example, passwords or messages. This type of software can be installed remotely.
■ Computer and Internet Protocol Address Verifier (CIPAV). As keylogger program can be installed on the remote computer to be investigated, but, according to Professor of Procedural Law Juan Carlos Ortiz, the latter provides even more information. You can send across the network IP address of the computer system that analyzes, ports used, the browser, the programs implemented, the operating system (including version and serial number), stored passwords, IP addresses with which connects and recently visited pages. You can not access the contents of the communications made through it.
■ Other Trojans. According to the specialist in crime on the Internet, there are other more developed programs that allow, for example, record data from a remote computer depending on the type of information sought. Others also give access to storage devices connected to it. There are some that allow you to track any type of file, whatever their denomination.
■ System Hispalis. Created by the Civil Guard in 2005, you can not spy on computers, but to identify its IP through distributed files in P2P networks as Emule. Then, the agents must seize it.
0 件のコメント:
コメントを投稿